Version of October 22th, 2020
When you use this product, you share information with us, these information can be personal or not, anyway we want to be transparent about the data we collect, the way we use it, to the circumstances that may lead us to share them, and the controls we offer you to access, update, or delete your data.
Who will process your personal data?
Stemic's services are provided by INTACTILE, a simplified joint-stock company (SAS) registered in France (registration number: 433 268 091; address: 20 rue du Carré du Roi, 34000 Montpellier, France). If you have a user account on Stemic, INTACTILE is responsible for processing your personal data, in accordance with EU law.
Some Stemic services are outsourced to third parties, they might also use your personal data when acting on our behalf. We will detail below the services that we outsource.
What types of personal data do we process?
Data you share with us
Information related to your account
If you decide to create an account on Stemic to save your work, we will ask you to provide us some personal data about you such as: your last name, your first name, your e-mail address and your encrypted password. These personal data will be stored on our secure servers and accessible only to the Stemic team. These personal data are required for the creation of an account on Stemic. They are necessary to provide you Stemic's services.
If you subscribe to the Stemic Pro offer, you must provide some billing and payment information such as your billing address and the credit card information used during payment. These information are collected by Stripe, a third-party service specializing in the management of secure payments. These data are necessary to provide you Stemic's services.
When you use Stemic we also keep files on our servers that track user activity. These files may contain among others:
- information about the actions users do on Stemic;
- information about your device, such as your IP, your web browser type and the language used;
- consultation hours;
- the pages viewed.
We store information anonymously about the interactions you use to perform some actions. For example, we can store information about how you create objects in your maps (by double-clicking or dragging and dropping from the catalog), how you assign a category to an object (by menu or by dropping an object in a category, etc.). We also anonymously collect information from and on the devices you use. Thus, we collect the version of the operating system, the type of browser, the language and the time zone.
Third party data collected
Others Stemic users
When you use the feature of sharing your maps with other users, you provide us the email addresses of those users. These latter users may already have a Stemic account in which case we already store this data. It can also be e-mails from users who do not yet have a Stemic account and in this case we will have to store these e-mails.
What is the legal basis for processing your data?
If you are a resident of the European Union, we collect and process your information only if we have a legal basis for doing so (in accordance with applicable EU law). We therefore collect and use your information only if:
- This is necessary to provide you Stemic's services, including setting up and maintaining your Stemic account, to provide customer support, and to protect the security of our services [Necessary for the provision of services]
- This responds to a legitimate interest (which is not overridden by your data protection interests), for example for research and development purposes, for the advertising and promotion of our services, and for the protection of our legal rights and interests [Legitimate interest]
- You give us your consent to do so, for a specific purpose [Consent]
- This is necessary to meet a legal obligation [Legal obligation]
How do we use your data?
We will use your personal data, such as your account information, for the provision and maintenance of your user account, to authenticate you, and to provide you Stemic's services.
We will process your registration and billing information for billing purposes, including completing transactions and sending you related information, including purchase confirmations and invoices.
Research & development
We are constantly improving the interactions between you and Stemic and making them as relevant as possible. We use statistical data and log files on how people use our services so that we can tailor new features to the overall characteristics of the issues addressed by our users.
We use information about you to secure your profile, verify accounts and activities, track suspicious and fraudulent activities, and identify possible violations of our Terms of Service or our Policy of Use.
Occasionally, we may link personal information to information obtained from our log files, in order to improve the experience of our users. In this case, we treat the combined information in accordance with this policy.
We may send you security, assistance or administrative alert messages. Please note that it is not possible to unsubscribe from certain service messages from us such as security alerts and necessary legal warnings.
If you are already a Stemic user, we may use your email address to send you marketing communications, for example information about new features of our product, unless you have unsubscribed from such communications (all communications that we send to you by e-mail contain a link at the bottom of the e-mail allowing you to unsubscribe).
Compliance with our terms of service and our legal obligations
We reserve the right to use your information if required by law, or to enforce our terms of service and other policies of use.
We are required to share certain personal data as part of the execution of our service with the following third parties:
Third party service providers
Stripe is a service providing a technical and banking infrastructure for making online payments. Stemic uses Stripe to manage the subscription to its Pro offer. When a user subscribes to the Pro offer, we share with Stripe: its e-mail, last name, first name and (billing) address.
Mailchimp is an e-mail delivery management service that we use to send marketing campaigns to our users (eg to notify them of new features that we regularly add to Stemic). We share with Mailchimp, the last name, first name, e-mail and language of our users.
Mailgun is an e-mail sending service that we use to send e-mails automatically to our users in connection with the use of the Stemic application (ex: sending the e-mail allowing to update their password). We share our users' e-mail with Mailgun.
Apart from the third party(s) listed above, we may also be required to share certain personal data in the following specific cases:
- comply with any valid legal procedure, any administrative request or any applicable law, rule or regulation;
- investigate, resolve or sanction potential violations of the Terms of Service;
- protect our rights, property or safety, as well as those of our users or any other person;
- detect and resolve any fraud or security problem.
In any case, we undertake to not provide any personal information to states that are not members of the European Union.
Information shared by you
When using Stemic you may need to share information with other users, for example when you share your map with other users, they will be able to see the email address associated with your Stemic account.
Retention period of your data
We keep your basic account information (such as your last name, first name, e-mail address) and associated data until you ask us to delete them (you can send your request to the following email address: firstname.lastname@example.org), or until you delete your account (see procedure below), or until a court decision asks us to withdraw them or in the case of prolonged inactivity: if you have not logged into your account for 2 years, we will send you an e-mail (2 weeks before the effective deletion of your account) asking you to log into Stemic to prevent your account from being deleted. If you do not log into your account within 14 days after receiving this e-mail, we will automatically delete your account and its associated data.
If you decide to stop using Stemic, all you need to do is to delete your account. To do this, navigate to your Stemic account page, then at the bottom of the page click on the “Delete my account” button, you will be asked to confirm your password. Once your password is confirmed, your account and associated data will be permanently deleted. We nevertheless keep a computer record of the deletion of your account (e-mail associated with the account and date of deletion) to comply with GDPR regulations, this regulatory data will be kept for 2 years.
Please note that we may be subject to legal obligations requiring us to retain your data. We may need to suspend these deletion practices if requested to do so, as part of a valid legal process, or if we receive information about abuse or other violations of the Terms of Service. Finally, we may also retain certain information as a backup for a limited period or if required by law.
Your privacy rights
You can ask us to:
- detail the personal data that we (and our subcontractors) store about you
- correct / modify your personal data
- delete your personal data not essential for the functioning of the Stemic service
To make any of these requests, please email us at email@example.com. We promise to respond to you within 30 days. For security reasons, we may need to verify your identity to respond to your request.
The following additional rights may apply if you are subject to GDPR regulations:
- right of access to personal data
- right to rectify your personal data
- right to erase your personal data
- right to limit the processing of your personal data
- right to oppose the processing of your personal data
- right to data portability
- right to withdraw consent at any time when it has been given
- right to lodge a complaint with your local data protection authority
- right to define directives relating to the use of his personal data after his death
If you wish to exercise one of the rights listed above, you can contact us at the address firstname.lastname@example.org. We will process your request in accordance with applicable law. For security reasons, we may need to verify your identity to respond to your request.
Please note that in case of any discrepancy between the English and French versions of this policy, the French version will prevail, the English version is for information only.